CVE-2016-8986

medium

Published 2017-02-22 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2

4.0

VIR risk

6.5

Description

IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21998648

Application impact

Vendor	Product	Versions
ibm	websphere_mq	`8.0`
ibm	websphere_mq	`8.0.0.0`
ibm	websphere_mq	`8.0.0.1`
ibm	websphere_mq	`8.0.0.2`
ibm	websphere_mq	`8.0.0.3`
ibm	websphere_mq	`8.0.0.4`
ibm	websphere_mq	`8.0.0.5`

References

http://www.ibm.com/support/docview.wss?uid=swg21998648
http://www.securityfocus.com/bid/96412
http://www.ibm.com/support/docview.wss?uid=swg21998648
http://www.securityfocus.com/bid/96412

CWEs

CWE-284

Verify integrity in audit chain (admin only). AS-IS.